Harshith Shubhakar
Senior Network Security Engineer *****************@*****.*** +1-779-***-****
Summary:
Experienced Network Security Engineer with over 8 years of expertise in designing, implementing, and securing enterprise networks across cloud and on-prem environments.
Proficient in firewall security (Palo Alto, FortiGate, Cisco ASA, and Check Point) with advanced rule optimization, segmentation, and threat mitigation.
Skilled in SD-WAN solutions (Cisco Viptela, Prisma Access, Fortinet), ensuring secure, optimized traffic flow across multi-cloud and hybrid networks.
Deep expertise in cloud security across AWS, Azure, and GCP, including IAM, VPC security, Transit Gateway, AWS Network Firewall, and Prisma Cloud.
Strong background in load balancing and application security with F5 BIG-IP, AWS ALB/NLB, and GCP Load Balancer to ensure high availability and performance.
Expertise in network automation using Ansible, Terraform, Python, and CI/CD pipelines, reducing manual configuration errors and deployment time.
Hands-on experience with Cisco ACI and SDN solutions, implementing micro-segmentation, policy automation, and fabric networking. Troubleshot network issues on Linux servers using TCP/IP, BGP, OSPF, and VLAN configurations.
Extensive knowledge of routing and switching (BGP, OSPF, EIGRP, QoS, MPLS) across large-scale enterprise networks.
Experienced in Zero Trust and NAC solutions (Cisco ISE, FortiNAC) to enforce role-based access control, endpoint security, and secure BYOD strategies.
Adept in incident response, SIEM integrations, and security compliance (PCI-DSS, HIPAA, NIST) to proactively defend against cyber threats and maintain regulatory standards.
Technical Skills:
Cisco Platforms: Nexus 9K, 7K, 5K, 2K and 1K; Cisco routers (7600, 7200, 3900, 3600, 2800, 2600, 2500, 1800 series); Cisco Catalyst switches (6500, 4900, 3750, 3500, 4500, 2900, 6807 series)
Juniper Platforms: SRX, MX, EX Series Routers and Switches
Networking Concepts: Access-lists, Routing, Switching, Subnetting, Designing, CSU/DSU, IPsec, VLAN, VPN, WEP, WAP, MPLS, VoIP, Bluetooth, Wi-Fi
Firewall: ASA Firewall (5505/5510/5520), Check Point (R75/R76), Palo Alto (2k, 3k, 5k), Juniper SRX (240)
Network Tools: SolarWinds, SNMP, CiscoWorks, Wireshark, Netcool, NetBrain
Load Balancers: Cisco CSM, F5 Networks (BIG-IP)
WAN technologies: Frame Relay, ISDN, ATM, MPLS, leased lines & exposure to PPP, DS1, DS3, OC3, T1/T3 & SONET
LAN technologies: Ethernet, Fast Ethernet, Gigabit Ethernet, & 10 Gigabit Ethernet, Port-channel, VLANs, VTP, STP, RSTP, 802.1Q
Networking Protocols: RIP, OSPF, EIGRP, BGP, STP, RSTP, VLANs, VTP, PAgP, LACP, MPLS, HSRP, VRRP, GLBP, TACACS+, RADIUS, AAA, IPv4 and IPv6
Work Experience:
Comcast, PA
Sr. Network Security Engineer April 2024 - Present
Responsibilities:
Monitored rule hit counts in Palo Alto firewalls to identify high-traffic rules, optimizing and consolidating them for improved performance.
Leveraged Palo Alto’s built-in rule optimization tools, such as Rule Usage Statistics, to remove or consolidate unused rules, enhancing firewall efficiency.
Configured and managed Palo Alto PA-7050, PA-7000, PA-5450, PA-5420, and PA-3450 firewalls with IPS, antivirus, anti-spyware, and URL filtering to protect against advanced threats.
Migrated security policies, NAT rules, and VPN configurations from PA-5000 to PA-7000 series firewalls, ensuring seamless transitions with zero downtime.
Integrated Prisma Access with SD-WAN solutions, providing secure, direct-to-cloud access while maintaining application performance and compliance.
Deployed and configured F5 VIPRION chassis for high-availability load balancing and application traffic management in large-scale enterprise environments.
Implemented advanced iRules for traffic redirection, persistence, and security policies, ensuring optimal performance and security enforcement.
Configured cloud-native load balancers such as AWS ELB, Azure Load Balancer, and GCP Network Load Balancer, ensuring redundancy and high availability.
Deployed virtual F5 solutions within AWS, Azure, and GCP to balance traffic between hybrid cloud and on-prem environments, optimizing application delivery.
Reduced server load and enhanced encryption security by implementing SSL offloading on NetScaler, managing certificates, and securing data transmission.
Automated deployment and configuration of network devices using Ansible, Terraform, and Python, reducing manual effort and improving network consistency.
Utilized CI/CD pipelines to automate network configuration deployment and validate changes in test environments before production rollouts.
Implemented network observability using Syslog, NetFlow, Grafana, and Elastic Stack, proactively detecting issues and reducing MTTR.
Developed Python scripts to monitor AWS resource utilization and auto-scale infrastructure, reducing costs while maintaining performance.
Automated AWS security compliance checks using AWS Config and Lambda functions, ensuring adherence to industry best practices and audit requirements.
Configured and managed Cisco Nexus (5K, 7K, 9K), Catalyst switches, and ASR routers, optimizing routing and switching for enterprise networks.
Implemented advanced routing protocols (EIGRP, OSPF, BGP) across WAN/LAN environments, including secure VPNs and QoS for traffic prioritization.
Integrated Cisco security solutions (Firepower, ASA, ISE) into the network to enforce security policies and enhance compliance.
Designed and deployed SD-WAN architectures using Viptela, integrating cloud services (AWS, Azure) for hybrid and multi-cloud connectivity.
Configured and managed SD-WAN controllers, edge devices, and policies, optimizing network traffic flow across branch locations.
Engineered high-availability SD-WAN solutions using BGP, OSPF, and static routing, ensuring failover resilience and reliability.
Integrated security features like firewalls and threat detection into SD-WAN deployments, mitigating cybersecurity risks.
Designed and deployed secure AWS VPCs, configuring subnets, route tables, NAT gateways, and Direct Connect for hybrid cloud solutions.
Configured AWS Transit Gateway to streamline and scale connectivity across multiple VPCs and on-premises networks, reducing complexity.
Deployed AWS IAM policies, security groups, and NACLs to enforce least-privilege access and harden cloud security.
Implemented AWS S3, Glacier, and Lifecycle Policies for automated backup and disaster recovery, ensuring business continuity.
Automated provisioning of AWS resources using Terraform and CloudFormation, reducing deployment time and improving efficiency.
Diagnosed and resolved complex FortiGate VPN connectivity issues, ensuring secure and seamless remote access.
Integrated FortiGate with Fortinet Security Fabric, enabling coordinated threat intelligence sharing and automated response.
Managed logs and security events from Fortinet devices (FortiGate, FortiSwitch, FortiAP), leveraging centralized visibility for incident response.
Implemented WAN link load balancing on FortiGate 60 firewalls, optimizing bandwidth utilization across multiple ISPs.
Played a critical role in real-time incident response, leveraging FortiGate 1000 series for threat containment and forensic analysis.
Designed and implemented Cisco ACI spine-leaf fabric architecture with 96 leaf switches, optimizing east-west traffic flow and minimizing latency.
Automated Cisco ACI deployments using Ansible, ensuring rapid provisioning and enforcing consistent security policies.
Integrated ACI Bridge Domains and Subnets into enterprise environments, streamlining network segmentation and security enforcement.
Implemented ACI policy-based automation, allowing for dynamic network provisioning and rapid adaptation to changes.
Charter Communications, CO
Network Security Engineer Sep 2022 – March 2024
Responsibilities:
Integrated Prisma Cloud with Kubernetes and Docker, enhancing cloud security through automated vulnerability detection, compliance enforcement, and runtime protection for containerized environments.
Developed security policies for Prisma Cloud, ensuring real-time threat detection and compliance adherence across AWS, Azure, and GCP workloads.
Educated teams on interpreting Prisma Cloud reports, alerts, and dashboards, improving security visibility and proactive incident response.
Deployed and troubleshot TCP/IP networks across diverse environments, implementing IPv6 alongside IPv4-to-IPv6 translation, ensuring seamless network upgrades and maintaining 100% backward compatibility.
Implemented firewall rules, VPNs, and ACLs to secure TCP/IP networks, proactively defending against cyber threats and reducing unauthorized access attempts by 30%.
Troubleshot network issues on Linux servers using TCP/IP, BGP, OSPF, and VLAN configurations.
Configured and managed AWS Elastic Load Balancers (ELB, ALB, and NLB) to optimize application traffic flow and ensure high availability, auto-scaling, and fault tolerance.
Implemented AWS security controls, including network ACLs, security groups, AWS WAF, Shield, and AWS Firewall Manager to defend against DDoS attacks and unauthorized access.
Integrated AWS VPC Flow Logs with SIEM platforms, including AWS CloudWatch, Splunk, and Elastic Stack, for real-time network traffic monitoring and forensic analysis.
Designed and deployed AWS Network Firewall for deep packet inspection and stateful traffic filtering to prevent unauthorized access and lateral movement in cloud environments.
Configured AWS Transit Gateway to simplify and scale connectivity between multiple VPCs, data centers, and remote branch offices, optimizing hybrid cloud networking.
Troubleshot performance issues on Palo Alto VM-Series firewalls, analyzing resource utilization, throughput, and session counts to fine-tune security policies and firewall efficiency.
Deployed and optimized SD-WAN security policies, including IPsec tunnels, Zero Trust segmentation, and application-aware firewall rules, ensuring end-to-end traffic security.
Integrated Secure Web Gateways (SWG), CASB, and ZTNA solutions with SD-WAN architectures, enhancing secure access to cloud applications and enforcing data loss prevention policies.
Designed and automated network provisioning workflows using Python, Ansible, Terraform, and Cisco DNAC, reducing manual intervention and human errors in configuration deployments.
Developed custom automation scripts for managing multi-vendor network environments (Cisco, Palo Alto, Juniper, F5, and Fortinet), enabling consistent policy enforcement and change management.
Implemented advanced iRules on F5 BIG-IP to control HTTP traffic redirection, enforce security policies, and optimize application performance using SSL offloading, caching, and compression.
Engineered global traffic management (GTM) strategies for multi-region deployments using F5 DNS, ensuring application availability, low-latency access, and disaster recovery failover.
Deployed and configured Cisco ACI fabric, integrating spine-leaf architectures with micro-segmentation, endpoint policy automation, and secure inter-tenant connectivity.
Managed complex routing protocols (BGP, OSPF, and EIGRP) across large-scale enterprise and hybrid cloud networks, optimizing traffic engineering and failover redundancy.
Configured Palo Alto Panorama for centralized firewall management, automating security rule deployments across PA-3000, PA-5000, PA-5200, and PA-7000 series firewalls.
Implemented granular security policies on FortiGate firewalls, utilizing Application Control (App-ID), SSL decryption, and IPS to mitigate advanced persistent threats (APTs).
DXC, Texas
Network Engineer Aug 2018 – July 2022
Responsibilities:
Configured rules and maintained Check Point VSX and Cisco ASA firewalls, and analyzed firewall logs using various tools.
Integrated Check Point firewall into the client’s existing network to provide security for applications, and handled incident tickets related to firewall and connectivity issues.
Managed and supported Cisco ASA firewalls, including VPN configurations, access control lists (ACLs), and high availability (HA) configurations.
Deployed Cisco ISE for Zero Trust Network Access (ZTNA), integrating posture-based access controls and adaptive authentication policies for endpoint security compliance.
Integrated Cisco ACI with AWS Direct Connect and Azure ExpressRoute, optimizing hybrid cloud connectivity and ensuring encrypted, high-speed data transfer between on-premises and cloud environments.
Configured Aruba Instant Access Points and Controllers to enhance wireless security, implementing WPA3 encryption, VLAN segmentation, and role-based access controls for enterprise Wi-Fi networks.
Designed CI/CD pipelines with AWS Code Pipeline and Jenkins, automating network infrastructure deployments, configuration testing, and rollback strategies for seamless production updates.
Implemented Cisco ASA firewalls with intrusion prevention systems (IPS), web application firewalls (WAFs), and other security solutions.
Configured, installed, and managed Check Point firewall devices (600, 1100, and 3000 series).
Worked on Cisco ACI SDN architecture to reduce operation costs and automate IT tasks.
Understand the custom SolarWinds dashboards to provide real-time visibility into network status and performance metrics for different stakeholders.
Worked on new security infrastructure design, implementation, new DMZ creations, Pod migrations, data center moves on F5 Big IP 5200, Juniper SRX 3600, SRX 5800 & SRX 4200 Firewalls.
Configured L3 protocols (IP, BGP, OSPF, EIGRP, IGRP, RIP), redistribution, summarization, Filtration (using distribute list, route map, prefix list, access list).
Worked on migrating from Cisco 7600 to MX-960 & ASR 7k routers and Nexus 2K and 5K series for data center redundancy.
Involved in orchestrating the deployment of Cisco Tetration’s workload protection features to secure applications both on-premises and in cloud environments.
Worked on Blue Coat ProxySG 600 and 900 appliances for content filtering, aligning Blue Coat policy with corporate security policy using VPM (Visual Policy Manager).
Ktree, India
Network Technician Dec 2016 – July 2018
Responsibilities:
Supported the design, implementation, and level 2 Change Management services in a Data Center environment for all stores LAN/WAN facilities.
Designed, implemented, and performed troubleshooting for LAN/WAN solutions using Cisco routers/switches, EIGRP and OSPF routing protocols, VTP, and EtherChannel; created and managed Layer 2/3 VLANs and managed security.
Installed and relocated Fast/Gigabit Ethernet Copper and Single/Multimode Fiber patch cabling from data center patch panels to network hosts.
Accessed Interactive Coverage Areas operated by Citrix to monitor and evaluate coverage in specific locations.
Prevented future call backs with education of support to ensure mobile device solutions.
Education:
M.S. in Management Information System, 2024
B.E. in Aeronautical Engineering, 2018